43.248.20.111 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): China

运营商(isp): An Hui Aolong Wang Luo You Xian Gong Si

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Commercial

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	Attempts to probe for or exploit a Drupal site on url: /wp-login.php. Reported by the module https://www.drupal.org/project/abuseipdb.	2019-08-07 08:06:45

相同子网IP讨论:

IP	类型	评论内容	时间
43.248.20.105	attackbotsspam	php WP PHPmyadamin ABUSE blocked for 12h	2019-10-29 05:04:19
43.248.20.129	attack	Attempts to probe for or exploit a Drupal site on url: /wp-login.php. Reported by the module https://www.drupal.org/project/abuseipdb.	2019-08-20 05:54:20

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 43.248.20.111
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 46349
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;43.248.20.111.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019080602 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Wed Aug 07 08:06:40 CST 2019
;; MSG SIZE  rcvd: 117

HOST信息:

Host 111.20.248.43.in-addr.arpa. not found: 3(NXDOMAIN)

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

** server can't find 111.20.248.43.in-addr.arpa: NXDOMAIN

最新评论:

IP	类型	评论内容	时间
162.245.218.48	attack	Sep 21 11:18:38 s2 sshd[11483]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.245.218.48 Sep 21 11:18:40 s2 sshd[11483]: Failed password for invalid user testuser from 162.245.218.48 port 39824 ssh2 Sep 21 11:23:21 s2 sshd[11673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=162.245.218.48	2020-09-21 18:19:51
109.116.41.238	attackspam	Sep 21 08:19:05 scw-6657dc sshd[3452]: Failed password for root from 109.116.41.238 port 38142 ssh2 Sep 21 08:19:05 scw-6657dc sshd[3452]: Failed password for root from 109.116.41.238 port 38142 ssh2 Sep 21 08:23:08 scw-6657dc sshd[3609]: Invalid user guest from 109.116.41.238 port 47930 ...	2020-09-21 18:31:35
158.222.38.241	attackspam	Brute forcing email accounts	2020-09-21 18:21:10
187.193.246.47	attackbots	Unauthorised access (Sep 20) SRC=187.193.246.47 LEN=40 TTL=239 ID=9164 TCP DPT=1433 WINDOW=1024 SYN	2020-09-21 18:36:41
159.192.143.249	attackspam	Invalid user squid from 159.192.143.249 port 54968	2020-09-21 18:06:42
159.203.85.196	attackbotsspam	DATE:2020-09-21 11:45:29, IP:159.203.85.196, PORT:ssh SSH brute force auth (docker-dc)	2020-09-21 18:12:47
196.214.163.19	attack	信息 Transfer-Encoding: chunked HTTP/1.1 200 OK Cache-Control: no-store, no-cache, must-revalidate Server: nginx Connection: keep-alive Set-Cookie: PHPSESSID=ed3p7b7734v3jqeh4rmq6j16lc; path=/ Vary: Accept-Encoding Pragma: no-cache Expires: Thu, 19 Nov 1981 08:52:00 GMT Date: Mon, 21 Sep 2020 10:07:20 GMT Content-Type: text/html; charset=utf-8	2020-09-21 18:18:44
71.11.208.97	attack	(sshd) Failed SSH login from 71.11.208.97 (US/United States/071-011-208-097.res.spectrum.com): 3 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Sep 20 12:58:08 internal2 sshd[3257]: Invalid user admin from 71.11.208.97 port 41818 Sep 20 12:58:08 internal2 sshd[3271]: Invalid user admin from 71.11.208.97 port 41830 Sep 20 12:58:09 internal2 sshd[3278]: Invalid user admin from 71.11.208.97 port 41841	2020-09-21 18:37:43
184.75.212.146	attack	[2020-09-21 05:52:09] NOTICE[1239] chan_sip.c: Registration from '"365"' failed for '184.75.212.146:41169' - Wrong password [2020-09-21 05:52:09] SECURITY[1264] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-09-21T05:52:09.136-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="365",SessionID="0x7f4d484e59a8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/184.75.212.146/41169",Challenge="3d03b1ac",ReceivedChallenge="3d03b1ac",ReceivedHash="fa9e6e61dc6e0b4fe953fe77cf9d63fd" [2020-09-21 05:55:25] NOTICE[1239] chan_sip.c: Registration from '"366"' failed for '184.75.212.146:20196' - Wrong password [2020-09-21 05:55:25] SECURITY[1264] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2020-09-21T05:55:25.027-0400",Severity="Error",Service="SIP",EventVersion="2",AccountID="366",SessionID="0x7f4d48965da8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/184. ...	2020-09-21 18:11:08
113.20.99.51	attack	Listed on zen-spamhaus also barracudaCentral / proto=6 . srcport=47840 . dstport=445 . (2299)	2020-09-21 18:13:21
45.141.84.126	attackbots	Sep 21 10:53:36 sip sshd[1678491]: Invalid user admin from 45.141.84.126 port 54524 Sep 21 10:53:39 sip sshd[1678491]: Failed password for invalid user admin from 45.141.84.126 port 54524 ssh2 Sep 21 10:53:40 sip sshd[1678491]: Disconnecting invalid user admin 45.141.84.126 port 54524: Change of username or service not allowed: (admin,ssh-connection) -> (support,ssh-connection) [preauth] ...	2020-09-21 18:40:55
69.51.16.248	attack	(sshd) Failed SSH login from 69.51.16.248 (US/United States/-): 5 in the last 3600 secs	2020-09-21 18:38:53
185.187.96.240	attack	1600621121 - 09/20/2020 18:58:41 Host: 185.187.96.240/185.187.96.240 Port: 22 TCP Blocked	2020-09-21 18:14:47
112.254.55.131	attack	[Sun Sep 20 23:58:02.153212 2020] [:error] [pid 23423:tid 140118059661056] [client 112.254.55.131:39665] [client 112.254.55.131] ModSecurity: Access denied with code 403 (phase 1). Match of "within %{tx.allowed_http_versions}" against "REQUEST_PROTOCOL" required. [file "/etc/modsecurity/coreruleset-3.3.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1041"] [id "920430"] [msg "HTTP protocol version is not allowed by policy"] [data "HTTP/1.0"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/setup.cgi"] [unique_id "AAAAAKyLvmllluV-tW9b4QAAAC0"] ...	2020-09-21 18:45:11
74.120.14.31	attackbotsspam	TCP (SYN) 74.120.14.31:47828 -> port 1911, len 44	2020-09-21 18:40:39

最近上报的IP列表

60.22.160.58	77.132.49.209	117.67.136.42	91.211.22.255
14.161.8.109	49.83.152.163	42.59.179.228	2804:7f2:2a8f:d2ed:bd4d:a08:1b0a:1c8a
209.97.169.136	149.202.72.17	187.188.51.80	193.56.28.42
255.150.204.89	212.230.117.75	198.27.106.140	189.180.166.34
187.75.75.127	68.183.39.235	1.175.159.123	98.190.139.82